强制在浏览器退出时注销 [英] Force log off on browser exit
问题描述
大家好。
我已经在互联网上搜索以某种方式确定了做到这一点的最佳做法,除了以下情况之外似乎无法想出任何东西但是如果有人有更好的想法请随意评论。
项目的一些背景
这个特定的网站有一个敏感的客户群,安全性有点重要。我想要完成的是从网站注销的安全方式。现在大多数人都会使用注销功能来关闭和结束他们的会话,但我们不时会找到一个关闭浏览器但没有注销的人。由于此网站仅允许您一次从一台计算机登录并检查数据库以查看您当前是否已登录。如果用户关闭浏览器而未注销,则不会将数据库设置为已注销,然后是需要通过延长金额的安全检查才能重新登录。
我在这里没有使用cookies我想要完成的任务。
在浏览器退出时,只有关闭浏览器控件XI才能打开一个弹出窗口,将其注销然后关闭。弹出窗口不是问题,也不是在onunload上使用body onunload和body注销。但不知何故,我需要控制卸载只在浏览器关闭时触发,而不是在人们导航时。希望你们能得到我想要的漂移。我知道这是可行的,因为我的银行有它。但我找不到任何可行的东西。然而那就是
额外信息
也许我需要进一步深入研究,检查一下此外,我发现我们已经验证用户是否在每个页面加载时登录。我想问题是用户只允许一次从一台机器或会话在线。如果他正确结束那个会话,那么效果很好。但如果您说浏览器崩溃或忘记注销并关闭浏览器,则不会重置数据库中的用户设置。所以我想要做的就是解决这个问题。还在寻找任何建议。
再次感谢.. - Robert Adamo 1秒前
Hello everyone
I have search the internet to somehow determine the best practice to do this and can't seem to come up with anything except the following but if anyone has a better idea please feel free to comment.
Some background on project
This particular website has a sensitive client base and security is somewhat important. What I am trying to accomplish is a safe way to log off from the site. Now most people will use the logoff feature to close and end their session but from time to time we find someone that closes the browser without logging off. Since this website only allows you to be logged in from one machine at a time and checks the DB to see if your are currently logged in. If the user close the browser without logging off he does not set the db to logged off and then is required to go through an extension amount of security checks to log back in.
Without using cookies here what I am trying to accomplish.
On browser exit and only from the close browser control X I want a popup window to open that will log him off and then close. The popup is not a problem nor is the log off using body onunload and body on beforeunload. But somehow i need to control the unload to fire only when the browser is being closed not when people are navigating. Hopefully you guys get the drift where I am looking to go with this. I know it doable because my bank has it. But i haven't been able to find anything that works. Yet that is
Additonal Info
Maybe I need to go further into detials, After checking a little further I found that we are already verifing that the user is logged in as each page is loaded. I guess what the problem is that the user is only allowed to be online from one machine or session at a time. And if he ends that session correctly then is works great. But if as you said the browser crashes or they forget to log off and close the browser the user setting in the DB are not reset. So what I am trying to do is figure a way around that. Still looking for any suggestions.
Thanks again.. - Robert Adamo 1 sec ago
推荐答案
我不知道这可能有多可行是的,但我发现你可能包括一个客户端脚本,以某种方式周期性地敲击服务器 - 一个保持活动的信号。如果浏览器关闭或崩溃,此信号将失败,您可以启动注销。
I don't know how feasible this may be, but it occurs to me that you might include a client-side script to periodically whack the server in some way - a "keep-alive" signal. If the browser is closed or crashes, this signal would fail and you could initiate a logoff.
我强烈建议您遵循CWE / SANS TOP 25最危险编程错误作为最佳实践解决方案对于您的问题
解决方案参考: http: //www.sans.org/top25-software-errors/2009/ [ ^ ]
I would strongly recommend to follow CWE/SANS TOP 25 Most Dangerous Programming Errors as the best practice solution for your question
Solution reference at: http://www.sans.org/top25-software-errors/2009/[^]
这是不可能的。你总是不能做任何保证工作的事情。相反,您需要关闭所有网页中的缓存,并检查每个页面以确保用户已登录或重定向到登录页面。任何没有这样做的系统都没有任何安全保障。在浏览器关闭时添加代码以显示注销消息是很有可能的,我相信,但它也是可以破解的。所有需要发生的事情都是因为事件不会发生。例如,如果浏览器崩溃。
It's impossible. You can't do anything that is guarenteed to work, always. Instead, you need to turn off caching in all your web pages, and make each page check to make sure the user is logged in, or redirect to the login page. There is NOTHING secure about any system that does not do this. Adding code to show a logoff message when the browser is closed is quite possible, I am sure, but it's also hackable. All that needs to happen, is for the event to not fire. For example, if the browser crashes.
这篇关于强制在浏览器退出时注销的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
